Difference between revisions of "Proxy"

From Dreamwidth Notes
Jump to: navigation, search
(Proxy URL in your 'hack)
(combined with content from "SSL Image Proxy" page which will redirect here)
Line 1: Line 1:
 
== What it's for ==
 
== What it's for ==
  
This is for proxying http: images included in https: Dreamwidth pages. It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks.
+
Dreamwidth's SSL image caching proxy is a web service that:
 +
 
 +
* listens for requests for embedded content served via HTTP
 +
* downloads and caches the requested content
 +
* returns a temporary HTTPS link to that content
 +
 
 +
This process allows Dreamwidth to successfully display insecure (http:) offsite content on a securely viewed (https:) page. Without the proxy, either the insecure content would be hidden, or browser warnings would be generated.  The cached content expires every few hours, to avoid [http://wiki.dreamwidth.net/wiki/index.php/Legislation#The_Digital_Millennium_Copyright_Act_.28DMCA.29 DMCA] concerns.
  
 
== Building the proxy server ==
 
== Building the proxy server ==
  
Code for the proxy is located in $LJHOME/src/proxy.
+
The source code for the proxy is written in [https://golang.org/ Go] and can be found here: https://github.com/dreamwidth/dw-free/blob/develop/src/proxy/main.go
  
Build using go:
+
It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks.  To build the executable:
  
 
   cd $LJHOME/src/proxy
 
   cd $LJHOME/src/proxy
Line 50: Line 56:
  
 
[[Category: Development]]
 
[[Category: Development]]
 +
[[Category: Documentation]]
 
[[Category: Dreamhack]]
 
[[Category: Dreamhack]]
 
[[Category: Dreamwidth Installation]]
 
[[Category: Dreamwidth Installation]]

Revision as of 04:58, 10 April 2016

What it's for

Dreamwidth's SSL image caching proxy is a web service that:

  • listens for requests for embedded content served via HTTP
  • downloads and caches the requested content
  • returns a temporary HTTPS link to that content

This process allows Dreamwidth to successfully display insecure (http:) offsite content on a securely viewed (https:) page. Without the proxy, either the insecure content would be hidden, or browser warnings would be generated. The cached content expires every few hours, to avoid DMCA concerns.

Building the proxy server

The source code for the proxy is written in Go and can be found here: https://github.com/dreamwidth/dw-free/blob/develop/src/proxy/main.go

It's probably more useful (and usable) on stand-alone dev environments than on dreamhacks. To build the executable:

 cd $LJHOME/src/proxy
 go build

That will create a binary called proxy in $LJHOME/src/proxy. Run that:

 ./proxy -salt_file=$LJHOME/ext/local/etc/proxy-salt

Proxy URL in your 'hack

To enable generation of the proxy URL in your 'hack, set these in your config:

$PROXY_SALT_FILE = "$LJHOME/ext/local/etc/proxy-salt";
$PROXY_URL = "https://proxy.hack.dw";
$USE_SSL = 1;

You'll need to create the proxy-salt file. Contents of proxy-salt are just a string, preferably long with randomly generated characters.

You'll also want something in front of the proxy to handle https negotiation. I recommend nginx. Sample config that will work:


    server {
        listen       443 ssl;
        server_name  proxy.hack.dw;
 
        sendfile     off;
 
        location / {
            proxy_pass http://127.0.0.1:6250;
            proxy_redirect off;
        }
    }


(for dev) Make sure you've also got an /etc/hosts entry for `proxy.hack.dw`.